Vulnerability Details : CVE-2006-5198
Public exploit exists!
The WZFILEVIEW.FileViewCtrl.61 ActiveX control (aka Sky Software "FileView" ActiveX control) for WinZip 10.0 before build 7245 allows remote attackers to execute arbitrary code via unspecified "unsafe methods."
Vulnerability category: Execute code
Exploit prediction scoring system (EPSS) score for CVE-2006-5198
Probability of exploitation activity in the next 30 days: 96.12%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2006-5198
-
WinZip FileView (WZFILEVIEW.FileViewCtrl.61) ActiveX Buffer Overflow
Disclosure Date: 2007-11-02First seen: 2020-04-26exploit/windows/browser/winzip_fileviewThe FileView ActiveX control (WZFILEVIEW.FileViewCtrl.61) could allow a remote attacker to execute arbitrary code on the system. The control contains several unsafe methods and is marked safe for scripting and safe for initialization. A remote attacker could exploi
CVSS scores for CVE-2006-5198
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
4.0
|
MEDIUM | AV:N/AC:H/Au:N/C:P/I:P/A:N |
4.9
|
4.9
|
NIST |
References for CVE-2006-5198
-
http://www.winzip.com/wz7245.htm
-
http://isc.sans.org/diary.php?storyid=1861
-
http://www.securityfocus.com/archive/1/451589/100/0/threaded
-
http://www.securityfocus.com/bid/21060
WinZip WZFileView.FileViewCtrl.61 ActiveX Control Multiple Remote Code Execution Vulnerabilities
-
http://www.zerodayinitiative.com/advisories/ZDI-06-040.html
Vendor Advisory
-
http://www.vupen.com/english/advisories/2006/4509
-
http://securitytracker.com/id?1017226
-
http://www.kb.cert.org/vuls/id/512804
US Government Resource
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067
Products affected by CVE-2006-5198
- cpe:2.3:a:winzip:winzip:10.0:*:*:*:*:*:*:*